North Korean operatives have been linked to a cryptocurrency scam that raised money for the Kim Jong-un regime.
A report published today by cyber threat intelligence provider Recorded Future said that it had “high confidence” that Marine Chain Platform is a scam originating from North Korea.
Marine Chain modelled itself as an asset-backed cryptocurrency that supposedly enabled the tokenisation of maritime vessels and owners. The website appeared to replicate a site called www.shipowner.io, which offered the same service.
The Marine Chain website was hosted on four different IP addresses during its lifetime. One of these addresses had previously hosted fraudulent trading site Binary Tilt, which was declared fraudulent by Canada and resulted in losses ranging from tens to hundreds of thousands of dollars for dozens of individuals.
Two men named Tony Walker and HyoMyong Choi were linked to the platform’s LinkedIn page. Further research showed that they both attended the National University of Singapore, a country that contains small groups friendly to the Kim regime.
Most notably, a man named Captain Jonathan Foong Kah Keong, believed to be the CEO of Marine Chain, has connections to Singaporean companies that have assisted North Korea in circumventing sanction efforts. Research by 38North has previously identified him as being in a “close circle of friends in Singapore that have aided the country’s overseas trade”.
Recorded Future states that “these connections to Marine Chain Platform mark the first time this vast and illicit network has utilised cryptocurrencies or blockchain technology to raise funds for the Kim regime”.
North Korea cryptocurrency scam: A means to bypass sanctions
It reinforces concerns previously voiced by experts that North Korea is increasingly turning to cryptocurrency to bypass international sanctions, which the country has been subject to since 2006.
A separate report by Group IB, released last week, blamed North Korea for five of the 14 cryptocurrency exchange hacks in which roughly $571m was stolen from various crypto exchanges. The attack was attributed to North Korean hacking unit Lazarus Group, which has been behind a spate of cyber attacks in recent years, including the WannaCry attack that hit the NHS in 2017.
However, it is unclear how much money the Marine Chain scam made for the Kim regime.
“What we can say, however, is that these two altcoins are examples of the expansion in cryptocurrency exploitation that we have been seeing from the North Koreans for years,” Priscilla Moriuchi, director of strategic threat development at Recorded Future, told Verdict.
“We believe that this is just the leading edge and we will see more of this type of cryptocurrency scamming in the future.”
The report forms part of a year and a half long investigation into North Korean internet use among its leaders. The latest analysis found evidence of a growing North Korea cryptocurrency ecosystem.
The report also expressed “low confidence” that North Korean users were involved in another scam around the altcoin known as Interstellar, which rebranded several times.
North Korea’s internet access
The investigation into the North Korea cryptocurrency scam forms part of a wider investigation by Recorded Future into the country’s internet use.
Using a number of tools, they analysed third-party data, IP geolocation, Border Gateway Protocol routing tables and open source intelligence to map out the trends of North Korea’s leaders – the small handful of the population that has access to the global internet.
As part of its year and a half analysis, it also found that North Korean leaders have been mining Bitcoin and Monero at small scale and in low volume.
Away from blockchain, North Korean leaders have increasingly been using their access to the global internet in their professional lives, as well as gaming and streaming videos.
The analysis also showed that they are moving away from Western internet services such as Google, Facebook and Instagram to Chinese equivalents.